Payment must be made in Singapore Dollars.
Payment is required within 5 working days on receipt of invoice.
Bookings received less than 14 working days – cash payment only
SUBSTITUTION, CANCELLATION, NO-SHOW, POSTPONEMENT POLICIES, CONTACT DETAILS, and EVENT CONFIRMATION
SUBSTITUTION is allowed up to 7 days before day of event. Admin Charge of S30.00 is required for substitution request received with less than 7 days advance notice.
CANCELLATION must be made in writing. Refunds are computed based on the date of receiving your notice.
Full Refund – 28 days or more prior to the event
75% – 21 to 27 days notice
50% – 20 to 14 days notice
25% – 7 to 13 days notice
NO REFUND or credit for 6 days or less notice
NO SHOW, Sick Leave, Urgent Business Call or Absent for any reason – the full course fee is due.
If we CANCEL or POSTPONE the event, full refund will be given.
FORCE MAJEURE CLAUSE: We shall assume no liability whatsoever if this event is altered, rescheduled, postponed or canceled due to a fortuitous event, unforeseen occurrence, or any other event that renders performance of this event inadvisable, illegal, impractical or impossible. For the purpose of this clause, a fortuitous event shall include but not be limited to: Acts of God; governmental restrictions and / or regulations; war or apparent act of war; terrorism or apparent act of terrorism; disaster; civil disorder, disturbance and / or riots; curtailment, suspension, and / or restriction on transport facilities / means of transportation; any other emergency.
YOUR DETAILS: All details required for registration are mandatory. If you find errors, kindly notify us.
SPEAKER CHANGES: Speakers and topics were confirmed at the time of publishing, however, circumstances beyond the control of the organizers may necessitate substitution, alterations or cancellation of the speakers and/or topics. As such, we reserve the right to alter or modify the advertised speakers and/or topics if necessary. Any substitution or alteration will be reflected on our web page as soon as possible. All delegates or their representative will also be notified as soon as the changes are made.
Tel: 6100 0621
http://www.maitreallianz.com

“I completed Treadstone 71’s Cyber Intelligence Tradecraft Certification Training in March 2018. Although I had attended numerous cyber training courses in the past, I found this course to be the best cyber training course ever. The instructor, Jeff Bardin, is a top-notch teacher who has the actual experience and credentials to effectively present the subject to students. In addition to his deep experience, Jeff’s wonderful personality and his passion for cyber intelligence make him a second-to-none instructor. The majority of the classes dealt with intelligence analysis, a subject other cyber intelligence courses fail to cover effectively. I give this course five out of five stars and I highly recommend it to government and private sector employees who want to learn cyber intelligence the right way.”

In the summer of 2008, Russia attacked Georgia in the first-ever combined kinetic and cyberwar. Sure, the 1990-1991 Gulf War was dubbed the first information war—the use of information in war is not new. What was new in 2008 was that Russia employed its cyber arm as an independent operational capability alongside its land, sea and air forces. The targets were critical infrastructure. The strategic objectives were to sap Georgia’s will to resist and to provide cover for Russia’s information campaign to deceive the west into believing that somehow little Georgia was the aggressor.

Operational security was paramount—Moscow had to keep everyone confounded about who was behind the cyber attacks. Just like the kinetic invasion, the cyber attacks were long and well-planned, but Russia did a great job covering its tracks. When the shooting stopped, well-meaning researchers investigated what had happened. However, coming from a profession that focuses on computer screens and a culture unaccustomed to the kind of deception that is part of everyday Russian life, they foundered.

The attacks led us to Russia. We noted uncanny timing. Western experts were indeed confounded when the trail led to kids and criminals. I have been following that trail ever since. Insight into Russia, all-source intelligence and a keen understanding of denial and deception were needed.

Today, saying that the Russian state employs a network of cybercriminals to do its online dirty work is commonplace. One might just as well pretend not to know the identity of those little green men who seized Crimea. But when I started saying it in 2010, you would not believe the resistance I encountered.

Jeff will lead off, analyzing the types of D&D, its various dimensions and some tactics that can be employed online and offline. The planners, he will say, must have clear reasons for utilizing D&D based on their goals. They must define the strategic, operational and tactical goals of deception and the criteria for success.

I will point out that Russians do not see cyber warfare as distinct but regard it as just one tool of information war. Look at 2008. The cyber attacks aimed at hampering the Georgian government’s ability to communicate while Moscow’s propaganda machine painted Russia as the aggrieved party. “Information space opens wide asymmetrical possibilities for reducing the fighting potential of an enemy,” writes Valery Vasilyevich Gerasimov, Chief of the Russian General Staff. It’s a remarkable statement, but nothing new—Russian thinking on information warfare has been consistent since the 1980s.

Now, the Kremlin commands a vast network of online intelligence agencies, scientific organizations, academic institutions, criminals, and trolls. We’ll discuss how Russia deals with enemies, foreign and domestic, cyber players and organization, the growing role of the military, tactics, techniques, procedures and tools, vectors, false flags, troll factories and more. Come join us on Wednesday at the RSA Conference.

KM

The RSA Conference is soon upon us! The expectation to see old friends and make new acquaintances. The show will once again be great with new technologies displayed, new ideas bantered about, and phrases around AI used inappropriately and about 5-10 years too soon. The parties will crank at night and many will suffer the cocktail flu come the next morning. 40,000 strong is the estimated number for this event! Huge!

But what of the undercurrent that occurs unmentioned every year? Just beneath the surface are a series of activities generated by scores of foreign agents looking to steal information, intellectual property, or gain an upper hand over someone of importance being caught doing illicit things. How many spies will blanket the city and the shop floor armed with various technologies used to extract information? Cyber and physical espionage activities run amuck at such events. This is common and expected. How will you know when your data is being pilfered? Will your hotel room be secure? Are your mobile devices secure? What data have you given up already? Flight plans, hotel information, email addresses, phone numbers, social media data, car rental information, events you will attend, arrival and departure times, restaurant reservations, meeting information… Do you think your data is not in the wind already? Will a chance encounter lead to unexpected information sharing? Is the person next to you at the bar there just by coincidence?

All questions you should consider. All questions that are usually forgotten or ignored.

BEHIND ALL COINCIDENCES THERE IS A PLAN, AND BEHIND ALL PLANS THERE IS A COINCIDENCE – Malnar

This 8-week online course begins on Saturday April 28, 2018 at 5PM US Mountain Time ending on Saturday June 23, 2018 at 5PM US Mountain Time. http://www.planetreg.com/T71ONLINETRAINING
The online courses are instructor video and audio recorded with periodic direct interaction with the instructor via online web meetings. The instructor will have standard office time for question and answer as well as regular access via class email and other messaging options.

Validated and registered students will receive login and preparation information 1 week prior to class start. Prospective students must send an email to osint@treadstone71.com from a corporate account to validate course eligibility before registration. (Corporate accounts are not Gmail, Hotmail, Yahoo, Mail, Hushmail, Protonmail, and the like). Treadstone 71 reserves the right to restrict course registration based upon certain risk factors.

Latest student testimonial: “With my extensive experience working in the Department of Defense on active duty and federal contractor, this training provided industry professionals with a greater perspective for intelligence analysis. The training taught state of the art concepts and applied them to real world scenarios establishing a solid understanding on utilizing these intelligence tradecrafts to effectively predict and prevent cyber actors from exploiting their organizations. Individuals new to the cyber intelligence field or professionals who want to fine tune their skills in the intelligence field should strongly consider this training for any intelligence analyst or security professional.”

All students receive 3 books and 50 plus course documents, VPN, and other course material. Students who complete the course will be certified as Cyber Intelligence Tradecraft Professional. 40 CPEs awarded for the course. This course is highly specialized following intelligence community tradecraft. You won’t get this at SANS. You won’t get this anywhere but from Treadstone 71. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Course books and manuals will be provided to students upon accepted enrollment. This course follows traditional intelligence community tradecraft. Treadstone 71 has been teaching cyber intelligence courses in various forms for six years. From academic settings and corporate environments to government facilities. Our customers include some of the largest firms in the world many of whom are part of critical infrastructures recognizing the need to learn how to create intelligence (www.treadstone71.com). We support our training with onsite consulting services that teach you how to create a sustainable program aligned to stakeholders. Ultimately, we teach you what most vendors cannot or will not – how to fish for yourself.

This course combines lecture, research, and hands-on team assignments. Students are best served using a PC but a Mac will do (a virtual machine running Windows on the Mac is best if you only have a Mac).

How is this course different from the current Treadstone 71 Cyber Intelligence course?

This course provides definitive sections along the intelligence lifecycle that are in-depth. Students are required to demonstrate understanding and use of collection methods using defined targets and target case studies, understanding and applying analytic techniques, when and how to use analytic techniques and analytic types. Students are presented case studies for analysis, required to use tradecraft methods, and provide written reports in standard analytic format. Students are also required to orally present their deliverables to the class. You will leave this course with the tools, methods, and understanding necessary to enhance your intelligence program.

“The Cyber Intelligence Training delivered and created by Jeff Bardin will add rapid returns to both Cyber Intel Analysts, and your Security Operations. This very thorough class adequately prepares the student for your Cyber Intelligence function. This class starts with the history of intelligence as a tradecraft and the evolution to the digital corporate world. Along the way, each student receives quality instruction and hands-on experience with today’s OSINT tools. This is necessary for anyone new to Cyber Intelligence and complementary to any Security Operations within your enterprise. This class provides the student with the resources and fundamentals needed to establish cyber intelligence as a force as both a proactive offensive step and a counter intelligence-contributing arm of your larger team.”

“The class was very detail orientated with a strong focus on the work of Cyber threats and how to better secure your assets against potential attacks. For most scenarios we went through, he had an open source tool, or the link to a paid version, to monitor or prevent the attacks from occurring. He was able to answer each and every question asked with specific details, and then some. I would sign up again right away for any other classes offered by Jeff.”

“Fantastic class that gets to the foundational aspects of traditional tradecraft. We studied hard examining recent attack campaigns. The analysis training prepared me for real world efforts. Have to say this is one of the best classes I have ever taken having taken many from SANS. SANS does not compare. They are more of a class mill today. The Treadstone 71 course material is unique, focused, and timely.”

“The Cyber Intelligence training offered by Treadstone71 is definitely an outstanding course and I recommend it for any organization looking to implement an intelligence capability. Jeff Bardin is extremely knowledgeable in the intelligence tradecraft and applies it to the cyber realm in a way that is understandable, exciting to learn and makes it easy to achieve “quick wins” in the organization after completing his class. Jeff provided the class with a multitude of tools, templates, and documents that can immediately be used by any organization focused on intelligence collection and analysis. Jeff arrived well prepared to teach the course and one of the most impressive aspects of the class was that he presented the material in a way that displayed his personal knowledge and experience in the field rather than relying solely on book material. We intend to continue leveraging Jeff’s services as we mature our cyber intelligence capability and highly recommend Treadstone71’s services to any organization.”

“This is one of the best, if not the best, Cyber Threat Intelligence training course I’ve attended.”

“This course was excellent. I was concerned coming into it that I would already know all the course material (I have been doing this sort of work for 15 years, specifically the type of work this course covered). As it turns out, it was a good reminder of what I should be doing to improve structure and rigor, and provided good tools, some of which I had not seen before. If I was new to this field or looking for a good insight into how Intelligence should work (i.e.: most of the rest of the class), I believe this would have provided even more value. I have already recommended it to a couple of my former colleagues in this line of business and would happily recommend it for future use by ########.”

Course material is not for resale or commercial use outside the end user license agreement. Course material may not be used for competitive purposes.

NOTE: Organizations sending 3 or more students are eligible for other discounts. Contact Treadstone 71 at osint@treadstone71.com for more information.

NOTE: CORPORATE PURCHASE ORDERS can be arranged. Please contact us at osint@treadstone71.com to begin the process. Payment must be received prior to course start.

You must attend the full class in order to gain access to course material and the certification. Certification is granted after completion of course instruction and hands-on application of the concepts in 3 to 4 team exercises. If a student leaves the class prior to course completion, neither the certification is granted nor is the course material covered after the student leaves made available. Lectures and associated materials are posted each day after each lecture. This method supports the student in a just-in-time manner. This method ensures full understanding of the material without discovering course plot lines until the proper time. The course is architected to support a particular process flow and learning method.

Submitting your registration means you agree to the course EULA and all that it entails. Course EULA
Treadstone 71 reserves the right to cancel the course should we not receive enough registrations.

www.planetreg.com/T71ONLINETRAINING

Registration

Pay by April 15, 2018

$4,499.00

This course provides tradecraft training along the intelligence lifecycle including collection methods, techniques, planning, PIRs, and collection tools and targeting. Intelligence production methods and process flows are covered as well as evidence credibility, reliability, denial and deception, and confidence levels.

Students are required to demonstrate understanding and use structured analytic techniques as well as various types of analysis including synthesis and fusion of data and information into actionable intelligence. The class covers methods of adapting TTPs and IoCs for hunt and detect and interfaces to incident response.

The course includes case studies covering adversary campaign research and analysis, historical trending, and passive adversary collection. Students will be instructed in applying analytic techniques, when and how to use analytic techniques and analytic types. Students are presented several case studies for analysis, required to use tradecraft methods, and provide written reports in standard analytic format, and will disseminate the reports to stakeholders.

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.

One more fascinating/outstanding effort by the new Kansas State Dragon Team. This time we researched the major powers’ use of Drones on bicoastal AOs in Africa. Many interesting conclusions and lots of resources involved. The false flag is counter-terrorism. The real agenda is resources: gold, diamonds, cotton. China continues its “Take and Talk strategy” in Africa and the Spratly Islands back in its home territory of the South China Seas.

We next intend to look at China’s interference with India and Pakistan. The next war will be by Drone proxy – as predicted. Too much UAS investment by so many big players to leave them dormant. Or it might be very subtle like disruption of GPS communications or replay of navigation bridge signals on US naval assets.

Foundations for a Strong Intelligence Program
April 18, 9AM-11AM RSA Conference
This Lab will explore key aspects of building a strong and long-lasting cyberthreat intelligence program. We’ll review methods of threat intelligence platform selection and bake-off techniques as well as cover stakeholder analysis and priority intelligence requirements. Additionally, we’ll practice collection planning and mission management as well as how to establish effective reporting and dissemination capabilities.

Cyber CounterIntelligence – Deception, Distortion, Dishonesty
April 18, 1:45PM-2:30PM RSA Conference
Deception, distortion, dishonesty are core to social media postings. Our adversaries use these methods concocting stories that create illusions that are meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

How a toxic computer code delivered by ‘Remote Access Trojans’ is an invisible army able to take over a petrochemical plant and blow it to pieces

Ironically, said Bardin, it was Stuxnet that led Iran to enhance its offensive capability: ‘If Stuxnet had happened to the US or UK, it would have been seen as an act of war. In Iran, it made them invest heavily in offensive cyber operations.’

He revealed that 18 per cent of Iranian university students are studying computer science – a cyber warfare talent pool.

No guns. No bombs. No conventional weapons of any kind. An invisible army able to take over a petrochemical plant like this and blow it to pieces. That’s the power of a toxic computer code delivered by RATs – ‘Remote Access Trojans’ – that’s making UK security experts VERY nervous indeed

‘Fixing this takes political will, and business is always pushing back, because good cyber security adds costs,’ said Bardin. ‘Ultimately, something is going to blow up.’

As I look at the threat intelligence platforms and other IT solutions claiming to be artificial intelligence platforms, I can only surmise that this coincidence is in lockstep with the dumbing down of America. “Artificial intelligence is intelligence displayed by machines, in contrast with the natural intelligence displayed by humans and other animals,” as defined by Wikipedia surmises that computer systems must display the same level of intelligence as humans or even animals. If this is the case and based on what I have witnessed over the past few years in the United States, I am forced to agree with this definition. Therefore, I would agree with the Cylance’s and Crowdstrike’s of the world who claim to have artificial intelligence within their platforms. I would just be suspect that the platform IQ is hovering well below that of a Gumpian character or someone who pattern matches a rhino and lion to invalidate dementia.

Should we try the definition again? “A computer can beat the world chess champion and understand voice commands on your smartphone, but real artificial intelligence has yet to arrive,” as per the BBC. And that computer is Watson, not a few VMs strung together amongst some CPUs. That seems much more in line with the technical capabilities. “The experts predict that AI will outperform humans in the next 10 years in tasks such as translating languages (by 2024), writing high school essays (by 2026), and driving trucks (by 2027),” according to a May 2017 MIT Tech Review article. That is hardly true AI. If you ask several security vendors (wait for RSA 2018 – San Francisco), we have AI now and it is destroying adversary malware and hackers.

“We also struggle to understand what’s meant by intelligence. For example, AI experts consistently underestimated the ability of AI to play Go. Many thought, in 2015, it would take until 2027. In the end, it took two years, not twelve. But does that mean AI is any closer to being able to write the Great American Novel, say? Does it mean it is any closer to conceptually understanding the world around it? Does it mean that it’s any closer to human-level intelligence?” – By Thomas Hornigold – Jan 01, 2018

Before you buy the next new and shining offering that claims to be AI, have someone give you a gentle cuff side the head as a wakeup call to the noise that is being presented. These are at best incremental gains doing battle against a much more devious and faster adversary. Magazines are touting AI, companies are touting AI, and you are buying snake oil. Not much has changed over the years. This is AI snake oil based in a failed premise of see-detect-and arrest. A losing proposition and you are paying a premium to fail for after-the-fact ‘prevention.’ Wake up CISOs. Demand better.

The recent Russian Zapad wargaming exercises included a plethora of electronic capabilities demonstrations and potentially more. Russia is known to have recently been involved in illegal immigration efforts in Sweden, Finland, and Norway along with hostile intent along its northern borders (Estonia, Latvia, Lithuania) including cell/communication tower tampering. Could the recent Zapad exercises be more than just wargaming?

Some What If thoughts on these non-linear actions:

– Testing capabilities, distance, strength, impacts

– Testing responses like a stone in pond

– 2nd and 3rd order effects were measured to determine the impact on targets, targets responses, etc.

– Russians had people in each target country assisting with target impacts

– Russians monitored target government communications from within each country

– Determine length of time for target government to respond and what methods were used and where to get communications back online (if at all) – the locations of the response represent capabilities unknown to Russia until such an exercise is performed

– Other possibles:

– A cover for illegal activities that occurred during the exercise – a feint, a ruse

– Testing a precursor to actual execution – that is why military exercises are performed

– What capabilities are being left in the exercise areas; what is not being removed after the exercise using the exercise as a ruse to place assets close to Western borders that were not there before

Subvert the enemy’s social and political structure – political and social agitation, remove confidence in a system, sow seeds of discontent, pit brother against brother = create confusion and dissent. – Used to confuse, lie, misrepresent, destabilize, and erode the current social order and the current political order

It can easily be said that social engineering is the exploitation of human behavior and trust.

Propaganda that fits my beliefs and further accentuates the ‘truth’ although false, in that belief

We plan… They plot. We are clever… They are sneaky. We form strategies… They conspire. We have convictions… They are fanatics.

The overwhelming preponderance of people have not freely decided what to believe, but, rather, have been socially conditioned (indoctrinated) into their beliefs.

Born on 8 September 1955 in the city of Kazan. In 1977, he graduated from the Kazan Higher Tank Command School named after the Presidium of the Supreme Soviet of the Tatar ASSR (Autonomous Soviet Socialist Republic). He commanded platoon, company, battalion in the Northern Group of Troops and Far Eastern Military District.

After his graduation from the Military Academy of Armored Troops named after Marshal of the Soviet Union R.Ya. Malinovsky in the year of 1987, he served as the chief of headquarters and commander of tank regiment, the chief of headquarters of motorized rifle division in the Baltic Military District. From 1993 to 1995 — the commander of motorized rifle division in the North-Western Group of Troops.

After graduating from the Kazan Higher Tank Command School Gerasimov was the commander of a platoon, company, and battalion of the Far Eastern Military District. Later he was chief of staff of a tank regiment and then of a motorized rifle division in the Baltic Military District. From 1993 to 1995 he was the commander of the 144th Guards Motor Rifle Division in the Baltic Military District and then the North-Western Group of Forces.

After he graduated from the General Staff’s academy he was First Deputy Army Commander in the Moscow Military District and commander of the 58th Army in the North Caucasus Military District during the Second Chechen War. His involvement in the arrest of Yuri Budanov led to praise from journalist Anna Politkovskaya.

In 2006, he became commander of Leningrad Military District and moved to be the commander of Moscow Military District in 2009 and Central Military District in April 2012. On 23 December 2010, he became deputy Chief of the General Staff.

In 1997 after his graduation from the Military Academy of the RF Armed Forces’ General Staff, he served as the First Deputy Commander of Army in the Moscow Military District, the Deputy Commander, Chief of Staff and Commander of the 58th Army in the North Caucasian Military District.

From 2003 to 2005 — the Chief of Staff of the Far Eastern Military District. From 2005 — the Chief of the Main Administration of Combat Training and Troops’ Service of the RF Armed Forces, and from December 2006 — the Chief of Staff of the North Caucasian Military District.

In December 2006, he was assigned as the Commander of the Leningrad Military District, and in February 2009 — as the Commander of the Moscow Military District.

From December 2010 — the Deputy Chief of the General Staff of the Armed Forces of the Russian Federation.

From 26 April 2012 — the Commander of the Central Military District.

By the RF Presidential Decree of 9 November 2012, he has been appointed the Chief of the General Staff of the Armed Forces of the Russian Federation / First Deputy Minister of Defence of the Russian Federation. He was appointed by President Vladimir Putin on 9 November 2012. Some authors credit Gerasimov as the person behind a so-called “Gerasimov doctrine” – currently prevalent in Russian military strategy – combining military, technological, information, diplomatic, economic, cultural and other tactics, which are then deployed towards one set of strategic objectives. This “political warfare” is preferred due to its comparatively low cost.

The previous Chief of General Staff, Army General Nikolay Makarov, was seen as close to Serdyukov and was seen by commentators as likely to be replaced by new Defence Minister Sergey Shoygu. It has been reported that Makarov resigned, but he was formally dismissed by President Vladimir Putin. Other changes were the dismissal of Alexander Sukhorukov from the position of First Deputy Defence Minister and his replacement by Colonel General Arkady Bakhin, formerly commander of the Western Military District. Aerospace Defence Forces commander Colonel General Oleg Ostapenko was also promoted to Deputy Defence Minister. He was promoted to the highest rank in the Russian Army, General of the Army as of 2014. On September 15, 2016, he and Turkish chief of staff General Hulusi Akar conducted a meeting on the future of Syria in the Ankara headquarters of the army. That meeting will result in tightened dealings between Russia and Turkey.

There is an old Soviet-era rhetorical device that a ‘warning’ or a ‘lesson’ from some other situation is used to outline intent and plan. The way that what purports to be an after-action take on the Arab Spring so closely maps across to what was done in Ukraine is striking. Presenting the Arab Spring–wrongly–as the results of covert Western operations allows Gerasimov the freedom to talk about what he may also want to talk about: how Russia can subvert and destroy states without direct, overt and large-scale military intervention. However, the assumption that this is a Western gambit primarily does appear genuinely-held. https://inmoscowsshadows.wordpress.com/2014/07/06/the-gerasimov-doctrine-and-russian-non-linear-war/

In April 2014 Gerasimov was added to the list of persons against whom the European Union introduced sanctions “in respect of actions undermining or threatening the territorial integrity, sovereignty, and independence of Ukraine.”

Hero of the Russian Federation.

Personal decorations: Order for Military Merits, Order for Merits to the Fatherland 4th grade, Order for Service to the Homeland in the USSR’s Armed Forces 3rd grade, Order of St. George 4th grade, Order for Merits to the Fatherland with Swords 3rd grade, Order for Honor.

The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness.

For me, this is probably the most important line in the whole piece, so allow me to repeat it: The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness. In other words, this is an explicit recognition not only that all conflicts are actually means to political ends–the actual forces used are irrelevant–but that in the modern realities, Russia must look to non-military instruments increasingly. https://inmoscowsshadows.wordpress.com/2014/07/06/the-gerasimov-doctrine-and-russian-non-linear-war/

Syrian violations of sanctions with Russian FSB assistance to manufacture ballistic vests – Not discovered by any organization other than Treadstone 71 – No sensors, no aggregation of thousands of taps – Just hard-nosed open source collection and analysis

Russian malware tied to BlackEnergy / Dragonfly embedded in PLC software at Delta Electronics Taiwan – before Symantec and all the large ‘cybersecurity’ firms – No sensors, no aggregation of thousands of taps – Just hard-nosed open source collection and analysis

Past report on Syrian Government collusion with Russia to bypass sanctions against Syria. This instance involves acquiring materials and machines to manufacture their own body armor in Latakia by way of the UAE, where a Syrian soldier working with a female FSB agent centralizes the acquisitions.

Visas, passports, military IDs, fake names, bills of lading and more for your reading and review.

Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.

The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. The model is not only an educational tool that builds practical skills and expertise, but also a roadmap for building a cyber intelligence program. More information is available here:

I keep a vigil in a wilderness of mirrors
Where nothing here is ever what it seems

Yuri Nosenko

“Instead of being relieved to hear that the Soviets had not been involved in the assassination, James Jesus Angleton, the C.I.A.’s legendarily suspicious counterintelligence chief, and others in the spy trade thought Mr. Nosenko’s apparent defection was a trick.”

“After all, the agency had suffered a series of setbacks, including the unmasking and execution of two Russian intelligence officials who had been spying for the C.I.A. inside the Soviet Union.”

Not much has changed with respect to Russian counterintelligence activities but for the medium of use. The Internet affords great opportunities for denial and deception, counterdenial and counterdeception, ruses, feints, doubleplays, and other methods of manipulation and influence management. Want to learn more? Try Treadstone 71’s Cyber Counterintelligence Tradecraft Certification – http://www.planetreg.com/T71IntelTraining

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence. There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, or how it differs from business and competitive intelligence, including the overlaps and natural points of integration. This one-day course targets corporate leadership, delivering clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.

Corporate stakeholders risk investing large amounts of time and money with little positive effect on their security, corporate strategies, and business direction. Participation in this course by the C-suite and stakeholders ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, threat and cyber intelligence with the business.

“This past week, I had the absolute pleasure of attending the 5-day Treadstone 71 Cyber Intelligence Tradecraft Professional Certification course along with three of my colleagues. Mr. Jeff Bardin was the instructor and his knowledge and depth in this area is exceptionally impressive!

The training allows students to gain a better understanding of the cyber intelligence life cycle, the role and value of cyber intelligence relative to online targeting and collection, in modern organizations, businesses, and governments at the completion of this course. In addition, students understand: the methods of online anonymity, the fundamentals behind cyber intelligence collection and analysis, and how these current methods can be employed in our organizations to assist in online operational security and in defense against adversaries. The course was a combination of lecture, hands-on and student deliverables seen by many as an apprenticeship. We completed 4 case studies throughout the week in varying subjects such as Iranian hackers, high financial networks, Russian SCADA equipment, etc.

I would highly recommend this course to anyone looking to further their knowledge in the cyber area. It will also allow you to become a better intelligence analyst, as a whole. Overall, it was a truly fantastic learning experience that is applicable in both our personal, as well as professional lives. I most certainly have a new appreciation for online security and safety.” – Recently certified student February 2017

Treadstone 71 today announced a full suite of Cyber and Threat Intelligence and CounterIntelligence training courses. The courses drive the expansion of Treadstone 71’s accelerated, academically validated, intelligence training to global markets. Treadstone 71 delivers courses in California, Virginia, Canada, the United Kingdom, and the Netherlands and is set to expand to the Middle East and Asia later this year. (www.planetreg.com/T71IntelTraining)

Treadstone 71 offers a compelling business model that delivers rapid cyber and threat intelligence strategic planning, program build, and targeted training in sectors such as financial services, government, healthcare, energy, and other critical infrastructure verticals. Treadstone 71’s format, curriculum, and instruction model are helping meet critical global demand for cyber and threat intelligence and analysis expertise. Treadstone 71 training provides graduates with an attractive pathway to compensation increases, career progression, and much-needed attention to intelligence. The organization has been teaching cyber intelligence at the Master’s level and commercially for seven years. New courses include a focus on campaign management, the use of Tor, Tails, I2P, and Maltego as well as covering persona development and management. Students create a series of identities, character development, and dimensions, storyline, plot synopsis, story drive and limit, story weaving, applicability, scope, tools to be used, methods of interaction with other identities, engaging secondary characters, refining targeting while developing a campaign to gain street credentials.

Analysis includes integrating, evaluating, and analyzing all available data — which is often fragmented and even contradictory — and preparing intelligence products. Despite all the attention focused on the operational (collection) side of intelligence, analysis is the core of the process to inform corporate stakeholders. Analysis is more than just describing what is happening and why; identifying a range of opportunities… Intelligence Analysis is the key to making sense of the data and finding opportunities to take action. Analysis expands beyond the technical focus of today, providing organizations with core capabilities for business, competitive, cyber, and threat intelligence.

Treadstone 71’s Cyber Intelligence Tradecraft Certification is the gold standard in the industry today derived from both academia and from Treadstone 71’s experience in building cyber intelligence programs at Fortune 500 organizations worldwide.

Many believe that we are not in some sort of state of cyber warfare. Many believe that it is only influence operations. These are the same people who are selling you security technologies and services to protect your environment. They believe calling our current state cyber war is hype. The fact that they believe this is demonstrated in their technologies that have doubled and tripled down on solutions that do not work. Solutions based solely on see, detect, and arrest. A paradigm proven over the past 20 years to be a paradigm of failure. The game of many a vendor (not all) is to generate revenue off your fear. A fear that can be remedied if we fix information security by first starting to fix information technology (see Cyber Security Predictions – Not Reality TV – Just Daytime Entertainment). One of the problems we have is standard taxonomy and glossary. Most do not have an understanding of the basics of intelligence and war. Most feel the need to apply physical characteristics to cyber actions in order for those actions to be taken as some sort of warfare. This is a major misnomer. My request here is for you to read the limited glossary items below. Once you have read these items, think of where we are today with respect to cyber security. If after reading and applying critical thinking to the terms and our current state of cyber security you do not believe we are in a state of cyber cold war, then provide some well thought out comments as to what state we are in fact in.

Psychological Operations

Planned operations to convey selected information and indicators to foreign audiences to influence their emotions, motives, objective reasoning, and ultimately the behavior of foreign governments, organizations, groups, and individuals. The purpose of psychological operations is to induce or reinforce foreign attitudes and behavior favorable to the originator’s objectives. (JP 1-02 and JP 3-13.2)

Military Deception

Actions executed to deliberately mislead adversary military decision makers as to friendly military capabilities, intentions, and operations, thereby causing the adversary to take specific actions (or inactions) that will contribute to the accomplishment of the friendly mission. (JP 1-02)

According to JP 3-13.4, Counterintelligence provides the following for MILDEC planners:

Identification and analysis of adversary intelligence systems to determine the best deception conduits;

Establishment and control of deception conduits within the adversary intelligence system, also known as offensive CI operations;

Participation in counterdeception operations;

Identification and analysis of the adversary’s intelligence system and its susceptibility to deception and surprise; and

OPSEC is a five-step iterative process that assists an organization in identifying specific pieces of information requiring protection and employing measures to protect them.

Identification of Critical information: Critical information is information about friendly intentions, capabilities and activities that allow an adversary to plan effectively to disrupt their operations. U.S. Army Regulation 530-1 has redefined Critical Information into four broad categories, using the acronym CALI: Capabilities, Activities, Limitations (including vulnerabilities), and Intentions. This step results in the creation of a Critical Information List (CIL). This allows the organization to focus resources on vital information, rather than attempting to protect all classified or sensitive unclassified information. Critical information may include, but is not limited to, military deployment schedules, internal organizational information, details of security measures, etc.

Analysis of Threats: A Threat comes from an adversary – any individual or group that may attempt to disrupt or compromise a friendly activity. Threat is further divided into adversaries with intent and capability. The greater the combined intent and capability of the adversary, the greater the threat. This step uses multiple sources, such as intelligence activities, law enforcement, and open source information to identify likely adversaries to a planned operation and prioritize their degree of threat.

Analysis of Vulnerabilities: Examining each aspect of the planned operation to identify OPSEC indicators that could reveal critical information and then comparing those indicators with the adversary’s intelligence collection capabilities identified in the previous action. Threat can be thought of as the strength of the adversaries, while vulnerability can be thought of as the weakness of friendly organizations.

Assessment of Risk: First, planners analyze the vulnerabilities identified in the previous action and identify possible OPSEC measures for each vulnerability. Second, specific OPSEC measures are selected for execution based upon a risk assessment done by the commander and staff. Risk is calculated based on the probability of Critical Information release and the impact if such a release occurs. Probability is further subdivided into the level of threat and the level of vulnerability. The core premise of the subdivision is that the probability of compromise is greatest when the threat is very capable and dedicated, while friendly organizations are simultaneously exposed.

Application of Appropriate OPSEC Measures: The command implements the OPSEC measures selected in the assessment of risk action or, in the case of planned future operations and activities, includes the measures in specific OPSEC plans. Countermeasures must be continually monitored to ensure that they continue to protect current information against relevant threats. The U.S. Army Regulation 530-1 refers to “Measures” as the overarching term, with categories of “Action Control” (controlling one’s own actions); “Countermeasures” (countering adversary intelligence collection); and “Counteranalysis” (creating difficulty for adversary analysts seeking to predict friendly intent) as tools to help an OPSEC professional protect Critical Information.

Cold War – a state of political hostility between countries characterized by threats, propaganda, and other measures short of open warfare – a conflict or dispute between two groups that does not involve actual fighting.

Cyber War – the use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. Cyber warfare involves the actions by a nation-state or international organization to attack and attempt to damage another nation’s computers or information networks through, for example, computer viruses or denial-of-service attacks.

To repeat, think of where we are today with respect to cyber security. Apply critical thinking to the terms and our current state of cyber security. Assess our relationship with Russia. Provide some well thought out comments as to what state we are in fact in if you believe we are not in a state of cyber cold war with Russia. If we are not, then how would you define our current state?

Treadstone 71

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. The above is a repurposed video on how to use this tool as circulated by Iranian hackers.

The plethora of 2017 cyber security predictions do nothing but distract practitioners from executing actual controls and methods of defense and prevention. Each year we get slammed with predictions that are never followed, are common sense, and serve to market and sell products and services. The so-called information and cyber security experts, many times self-proclaimed, spew predictions on all potential areas. This is not much more than fake news and methods to direct readers to vendor products. The vendor products that claim to solve these predictions and therefore, become self-fulfilling prophecies. For the most part, once the predictions are published, the follow-up to their success is non-existent. Their purposes are to market and sell, drive perception, manage the market, and drive a false sense of vendor expertise.

We should focus on actual problem resolution and change the failed paradigm within which security exists. We continue to propagate vendor products and services that do not work, only treating the symptoms. This is not much different from the pharmaceutical industry that markets pills to you each evening during the news and prime time. Pills that treat symptoms and cause more side effects than they do solve issues. Advertisements that drive up the cost of the product manipulating the market and those that prescribe the ‘solutions’ to recommend purchase.

The only way we change this paradigm, and I mean we, is to push back on these vendors to solve problems and quit selling products that treat symptoms. We must also correct our own internal behaviors. A few weeks ago, I published a potential list of 12 items to change this paradigm (the 12th is a shameless plug so 11). They are listed below.

We need to forget the Jerry Springer-like entertainment of annual cyber predictions and focus on solving the hard problems we face.

What does Treadstone 71 seek? We seek an end to the noise and an understanding that our information, our intellectual property, and our way of life is under constant siege. We are in a cyber war with skirmishes and battles occurring 24×7. We need to direct the carpetbagging vendors to cease in their war profiteering and take a moral stance in fighting our adversaries. We also need to correct and adjust how we run IT and information security. The list of 11 is below. We welcome your comments, your additions, and your assistance in this call to action to change the failed paradigm.

Treadstone 71

1. All CIOs must have served as a CISO for at least four years before being allowed to be a CIO.

2. All CIOs must have a CISSP, CISM, and at least two technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.

3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.

4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.

5. CIOs and their leadership will be held liable for deploying vulnerable systems.

6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.

7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.

8. All written code and script must be written properly. There is no such thing as secure code, only code that works correctly and does not create vulnerabilities.

9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.

10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.

11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.

12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Decided to add a real 12:

Let’s create a focused call to action to change the paradigm. Open to suggestions, dedicated forums, public push to change vendors, public push to force IT to change.

5. Intro to the Darknet
5.1 Introduction to the Darknet (NOTE: Some/Many of the sites come and go and may not be available for review)
5.1.1 How to Access Onion Sites
5.1.2 Tor – Download, Installation, Use
5.1.3 Markets to Search
5.1.4 Site for Exploration:

The Internet is the principal arena for online communication. Within the online community, individuals can choose who they are. If a member chooses an online identity that is something other than who they are in real life, then the identity created is a sockpuppet. The purpose of this research was to examine the utilization and management of sockpuppets within online communities. What are the ethical and legal boundaries in the use of sockpuppets within civilian online communities? What is the role of sockpuppets in the intelligence community? The intent behind sockpuppet use determines the ethical and legal boundaries within civilian online communities. If the intent is for entertainment and communication, online communities exhibit various levels of tolerance for ethical versus unethical choices of sockpuppets. However, legal boundaries are crossed if the intent is to do harm. The United States is not consistent with legislation involving sockpuppets. The intelligence community uses sockpuppets to assist in maintaining national security. A sockpuppet allows an analyst to infiltrate targeted online communities, and once inside to gather information about the group. Sockpuppets are accepted within the communities and gain a perspective similar to an offline undercover agent. It takes great effort and skill to create long lasting and believable identities that effectively collect actionable intelligence. Conclusions generated based on a review of the current research include: federal legislation and management defining and clarifying criminal use of a sockpuppet, the creation of a best practices manual for the intelligence community to standardize training and utilization of sockpuppets, as well as continued study of the evolution of the sockpuppet.

“Why trigger an attack when you don’t need it?” Jeff Bardin, the chief intelligence officer at the cyber intelligence firm Treadstone 71, told Business Insider, adding that the Russians may be waiting for an economic emergency to launch a full-throated cyberattack.